BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
BEST PRACTICES FOR ORGANIZING NATIONAL
CYBERSECURITY EFFORTS
ITU-T Workshop on "New challenges for
Telecommunication Security Standardizations"
Geneva, 9(pm)-10 February 2009
  • James Ennis
  • US Department of State

2
ITU-D Q22/1 History
  • Created by World Telecommunication Development
    Conference (WTDC) in 2006 (Doha)
  • Five meetings: September 2006, May 2007,
    September 2007, April 2008, September 2008
  • Next meeting: April 6-7, 2009

3
ITU-D Q22/1 Mandate (1)
  • Survey, catalogue, describe, and raise awareness
    of:
      • Principal issues facing national policy-makers in
        building a culture of cybersecurity
      • Principal sources of cybersecurity information
        and assistance
      • Successful best practices employed by national
        policy-makers to organize for cybersecurity
      • Unique challenges faced by developing countries

4
ITU-D Q22/1 Mandate (2)
  • Examine best practices for watch, warning, and
    incident response and recovery

5
What Does Cybersecurity Apply to?
  • Applies to cyberspace: electronic information and
    communication systems and the information they
    contain

6
What is Cybersecurity Supposed to Do?
  • Prevent damage from:
      • Denial of service attacks
      • Malware (viruses, worms, trojan horses)
  • Prevent exploitation from:
      • Spyware, fraud (phishing, identity theft)
  • Restore systems after attacks

7
Why is Cybersecurity Important?
  • Today, all critical sectors of the economy rely on IP
    networks for transacting business, government
    services, etc.
  • IP networks, not designed to be secure, face
    increasing numbers of cyber attacks of increasing
    sophistication.
  • To maximize the value IP networks can add to a
    national economy, they must be reliable, secure,
    trusted.

8
Five Keys to a Good National Cybersecurity Program
  • A national strategy
  • Government-industry collaboration
  • Sound legal foundation to fight cybercrime
  • National incident management capability
  • National awareness of the importance of
    cybersecurity

9
A National Strategy (1)
  • Government needs to understand importance of
    cybersecurity for national economy
  • Economic impact of cybersecurity attacks is
    severe; 2003 estimates:
      • USD13B (worms and viruses)
      • USD226B (all forms of overt attack)
  • Does not include macro-economic costs

10
A National Strategy (2)
  • National strategy should have an international
    component
  • Cyberattacks are borderless
  • National cybersecurity achieved only when
    international cybersecurity is achieved
  • Countries have a mutual economic interest in
    working together to achieve global cybersecurity

11
Collaboration between Government and Industry
  • Government-industry collaboration on
    cybersecurity is important
  • Industry owns most of the IP network
    infrastructure
  • Industry has expertise to find solutions to cyber
    incidents
  • Industry usually first to know
  • Industry knows what can and cannot be done

12
A Sound Legal Foundation to Fight Cyber Abuses
  • Enact and enforce a comprehensive set of laws on
    cybersecurity crime
  • WSIS (Tunis agenda): develop necessary
    legislation for the investigation and prosecution
    of cybercrime, noting existing frameworks, for
    example, UNGA Res 55/63, 56/121, regional
    initiatives such as the Council of Europe
    Convention on Cybercrime.

13
National Incident Management: Watch, Warning,
Response and Recovery
  • Governments need to develop a government-wide
    system to counter cyber-attacks
  • National Computer Security Incident Response
    Team, N-CSIRT
  • N-CSIRT roles:
      • Information sharing
      • Development of procedures, controls, tools to
        protect government systems

14
National Awareness of Importance of Cybersecurity
  • Many vulnerabilities result from users' poor
    cybersecurity awareness
  • Government and the culture of cybersecurity
  • E-government
  • Education and training
  • Financial assistance and incentives
  • Research and development
  • Guidance on privacy issues
  • Role of international/regional forums

15
Q22/1 Draft Report
  • Two Annexes to the draft report provide
    introductions to concepts of SPAM and Identity
    Management
  • Annex A: SPAM and Associated Threats
  • Annex B: Identity Management
  • A third Annex contains extensive references to
    materials on each of the five keys to a
    successful national cybersecurity program.

16
Question 22 Status
  • Draft report (revision 2) at
    http://www.itu.int/md/D06-SG01-C-0146/en (TIES required)
  • We invite you to participate in the April 2009
    meeting of Q22 to contribute to the development
    of the report and to improve its usefulness for
    national administrations